Method and system for transmission of decrypting information

ABSTRACT

At the moment of the diffusion of Pay-TV with multi-channel signals, each channel is associated to authorization messages (ECM) which allow to decrypt this channel according to the rights of the subscriber. When changing channel, a very short time is accepted before one has determined these new rights in relation with the new channel. The heavy encrypting algorithms are thus excluded. To avoid this drawback, to decrypt a channel, a system is proposed using the combination of the authorization information for a channel (ECM), and thus encrypted by a fast algorithm, with authorization information (MECM) for a group of channels. These latter are encrypted by a high security algorithm and are thus slower to decrypt.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a Chapter II National Stage filing fromPCT/IB01/00094, International filing date of 24 Jan. 2001, which claimspriority to CH 0166/00 filed 28 Jan. 2000, and U.S. 60/226,769 filed 21Aug. 2000. Each of the above applications is incorporated herein byreference.

FIELD OF THE INVENTION

This invention concerns a process and system of decrypting information(data) transmission between a management system and a subscriber'sdecoder.

BACKGROUND OF THE INVENTION

The decoders of subscribers of Pay-TV contain a decrypting unit able totreat the arriving signals by cable or by hertz. These signals can beanalog or digital.

These signals are of different types, according to whether they containaudio type information, video or of control.

The latter category includes management messages (called EMM messages)that is to say messages containing controls directed to a decoder or toa group of decoders, and control messages (called ECM messages), that isto say containing authorization messages among others, informationallowing to decrypt the signals in transmission.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be better understood thanks to the following detaileddescription which refers to the annexed drawings which are given as anexample not limitative, in which:

FIG. 1 represents the transmission of the (ECM) and (MECM) messages ontwo channels A and B;

FIG. 2 represents the security cryptographic unit.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the present application, we refer to authorization messages (ECM)destined to the decrypting of the audio and video signals.

The offer proposed to subscribers of Pay-TV includes many channels eachof which encrypted according to one or more particular keys. This isnecessary because of the fact that a subscriber can undertake asubscription for a channel without having the right to take advantage ofothers channels.

The authorization messages (ECM) are encrypted with a key suitable forthe management system. The subscriber's decoder includes a securitycryptographic unit able to decrypt these messages. For security reasons,the authorization information allowing the decrypting of the usefulsignals (video and audio) are changed periodically. The managementsystem transmits these messages (ECM) under encrypted form to thecryptographic unit able to decrypt these messages, manages theauthorizations and according to the rights of the subscriber, transmitsto the decoder the information necessary for the decrypting of video andaudio signals.

The result of the decrypting by the cryptographic unit is called“control word” abbreviated with “CW”. The control-words pilot thedecoder and the subscriber can thus have the full advantage of thetransmitted information.

As indicated above, these control-words are changed regularly in orderto prevent a pirate to calculate this information of control by means ofa powerful computer, and benefit free of charge from a paying service.This is why these control-words are changed regularly, the period beingtypically from 1 to 20 seconds. This period is called crypto-period.

The authorization messages (ECM) are sent with a higher frequency thanthe crypto-period, for example every 100 milliseconds. This isindispensable on the one hand when starting the decoder service and, onthe other hand when changing channels.

In fact, to be able to visualize the desired transmission, thecontrol-words are necessary for the decrypting of the signals. It is notgood to wait 5 seconds in front of the screen in order that the imageclearly appears.

In the second case, the control-words being for each channel, one shouldawait the end of the crypto-period to receive the authorization messageallowing the decrypting of the signals of the new channel. In the sameway as previously stated, one cannot accept a delay of several secondswhen changing channel.

This is why, in practice, the authorization messages (ECM) are sent to afrequency comprised between 5 and 20 per second.

When changing channel, the time separating the order of the subscriberand the visualization of the desired channel must be the shorter one.According to the usual standards, a duration of about 500 millisecondsis considered as being acceptable.

During this lapse of time, the following operations are carried out:

-   -   placement of the audio, video and control filters on the new        channel;    -   waiting of the next message (ECM) containing the encrypted        control-word for said channel;    -   reception of this message (ECM) and transmission to the        cryptographic unit for decrypting; and    -   execution of the decrypting algorithm by the cryptographic unit        and return of the decrypted control-word, transmission of this        word to the decoder;    -   start of the MPEG decompression and waiting of an image complete        of synchronization.

One sees, by the chaining of these operations, that it cannot be carriedout in parallel, and thus each of them goes into the determination ofthe maximum duration in the case of change of channel.

It is known that the more the encrypting algorithm is of high security,the more the operations necessary for the decrypting are long. On theother hand, the decrypting time taking part directly in the calculationof the commutation duration between channels, cannot be lengthened toimprove the quality of the encryption. This is why the security of theused algorithms to obtain the control-words is obligingly limited bythese constraints of time.

A known method is described in the document EP 0 583 202 and consists insending, on the active channel, not only the authorization messages(ECM) of the channel concerned, but also the authorization messages ofthe other channels. These latter are transmitted to a lower frequency soas not to congest the transmission.

This method presents the drawbacks to congest the channel withunnecessary messages and needs the memorization of all authorizationmessages for a use when changing channel. Another unsolved aspect bythis document is the increase of the quality (and thus of the duration)of the decrypting operation which should not increase the commutationtime between channels.

The aim of this invention is to propose a method and a transmissionsystem of encrypted information which assures a high security to thedestination control-words of the decoder, without lengthening theduration of treatment of the control-word specific to a channel.

This aim is fully reached by the utilization of a control-word obtainedby combination of the decrypting of an authorization message (ECM) foreach channel and of the decrypting of an authorization message common toa group of channels.

In the following description, the messages for each channel are called“mono-channel authorization messages (ECM)” and the messages common to agroup of channels are called “multi-channel authorization messages(MECM)” (Master ECM).

The algorithm of treating the messages (ECM) is of the fast type andoffers thus a limited security. This is imposed by the little timerequired at the time of the passage from one channel to another.

On the other hand, according to the invention, it is not possible toobtain the control-words (CW) only by the treatment of the mono-channelmessages (ECM). The cryptographic unit, to be able to decrypt theencrypted information, must contain the received information in amono-channel message (ECM) and in a multi-channel message (MECM). Thelatter is decrypted by a key called system because it is independentform the different channels.

At the moment of the change or commutation from one channel to another,the information contained in the mono-channel authorization message(ECM) suitable for the new channel is combined with the informationcontained in the multi-channel authorization message (MECM) already inthe cryptographic unit, these latter being common to the two channels.In this way, the decrypting duration of the message (MECM) does notintervene in the calculation of the commutation duration as describedabove. Therefore, the algorithm to decrypt the messages (MECM) can bestronger and thus need a longer time without therefore penalizing thecommutation time. Furthermore, the simple use of a different algorithmincreases the security of the system.

The content of the multi-channel messages (MECM) can vary according to aperiod identical to the message (ECM) (crypto-period), or according to amultiple of this period.

If the time between two mono-channel messages (ECM) is important, sinceit intervenes directly in the calculation of the maximum time ofcommutation between two channels, it is not the same for the timebetween two multi-channel messages (MECM). Since this message is commonto a group of channels, it can have a greater time. In fact, itsrepetition interval intervenes only at the moment of the placing undertension of the decoder. In the case of the figure, one sees that arepetition of 1 to 2 messages per second is sufficient.

In FIG. 1 the messages allowing to decrypt the video and audio signalsare represented schematically, on two lines. One can observe at regularintervals, the transmission of the mono-channel messages (ECM) for eachchannel. On the “A” channel, the “A” mono-channel authorization messages(ECM) are transmitted. On the “B” channel, the “B” mono-channelauthorization messages (ECM) are transmitted. The multi-channel messages(MECM) common to channels A and B, are transmitted on the two channels.

In a mode of realization using the analog diffusion, the mono-channeland multi-channel authorization messages are effectively transmitted oneach channel, one channel being associated to one frequency. On theother hand, on the numerical diffusion systems, the notion of a channelassociated to a frequency does not exist. The multi-channel messages(MECM) can be added in the messages for this channel or transmitted in aglobal way to the information flux without it being necessary to repeatit on each channel.

According to this example, the periodicity of the multi-channel messages(MECM) is lower by half to the periodicity of the mono-channel messages(ECM). The periodicity of the messages (MECM) is determined by theacceptable decrypting time at the moment of the first use. In this case,it will be possible to decrypt the signals after having received atleast one message (ECM) and one message (MECM). This is why a repetitionof approximately one second for the message (MECM) is acceptable anddoes not encumber the pass-band of the system. Once the message (MECM)is received and treated, it is immediately available when changingchannel with the new message (ECM).

Another aspect of the invention is the taking into account of thereductions from the start of the crypto-period according to thechannels. In fact, the change of the control-word can be made atdifferent moments according to the channels. Therefore, for example, onthe “A” channel, the control-word (CW) changes, from CW-A1 to CW-A2.According to the invention, the control-word is from then obtained dueto the multi-channel message (MECM-2). On the other hand, in thehypothesis where the new channel B operates always with the control-word(CW-B1), it will be necessary to use the multi-channel message (MECM-1).This is why each message (MECM) contains the information of severalcrypto-periods, so allowing to be free of differences of synchronizationof the channels.

FIG. 2 illustrates the functionality of these data transmitted in themulti-channel message (MECM). The mono-channel message (ECM) containsthe control-word (CW) under encrypted form and is transmitted to thecryptographic unit (CU) able to decrypt this information. For this, itdisposes of parameters P1, P2 to Pn which define the rights associatedto the system in general, and to this channel in particular. This unitcalculates, thanks to these parameters, the control-word (CW). Accordingto the invention, the data transmitted by the message (MECM), oncedecrypted, can modify the parameters upstream of the cryptographic unit(CU), or downstream of this unit.

According to a particular form of the invention, the final control-word(CW) is obtained by a logic operation between the information containedin the message (MECM) and the message (ECM), such that addition,subtraction, or exclusive or multiplication.

1. A multi-channel transmission system of encrypted information forPay-TV, comprising a management centre and at least one subscriber unit,the management centre transmitting mono-channel authorization messagesencrypted for each channel, said management center also transmittingencrypted multi-channel authorization messages common to a group ofchannels, said multi-channel authorization messages being transmitted toa subscriber unit at a lower frequency of transmission than that of saidmono-channel authorization messages, said subscriber unit including asecurity cryptographic unit for decrypting said mono-channelauthorization messages and said multi-channel authorization messages,said cryptographic unit using a first encryption algorithm fordecrypting said mono channel authorization messages to obtain a firstinformation and using a second encryption algorithm for decrypting themulti-channel authorization messages received after switching on of thesubscriber unit to obtain a second information, said first and secondalgorithms being different, said cryptographic unit combining thedecrypted multi-channel authorization messages with the decryptedmono-channel authorization messages for the retrieval of at least onecontrol word, said at least one control word being formed by acombination of first information contained in at least one of saidmono-channel authorization messages and second information contained inat least one of said multi-channel authorization messages received afterthe switching on of said subscriber unit.
 2. A multi-channeltransmission system according to claim 1, wherein the multi-channelauthorization messages are modified according to a first perioddifferent to a second period of the mono-channel authorization messages.3. A multi-channel transmission system according to claim 1, wherein thesecond information contained in the multi-channel authorization messagesis combined with the first information contained in the mono-channelauthorization messages by an operation including at least one ofaddition, subtraction, exclusive, multiplication and coding.
 4. Amulti-channel transmission system according to claim 1, wherein themulti-channel authorization messages comprise a cryptographic parameterfor decrypting the mono-channel authorization messages in said securitycryptographic unit.
 5. A transmission method of multi-channel encryptedsignals for Pay-TV, the transmission method comprising: switching on asubscriber unit, transmitting multi-channel encrypted signals to thesubscriber unit, transmitting mono-channel authorization messagesencrypted for each channel, decrypting the mono-channel authorizationmessages for one of the channels currently received by a cryptographicunit to obtain a first information, transmitting multi-channelauthorization messages common to a group of channels to said subscriberunit at a lower frequency of transmission than that of said mono-channelauthorization messages, decrypting the multi-channel authorizationmessages received after the switching on of said subscriber unit with adifferent algorithm than used to decrypt the mono-channel authorizationmessages to obtain a second information, and combining the decryptedsecond information of the multi-channel authorization messages with thedecrypted first information of the mono-channel authorization messagesfor the retrieval of at least one control word, said at least onecontrol word being formed by a combination of first informationcontained in at least one of said mono-channel authorization messagesand second information contained in at least one of said multi-channelauthorization messages.
 6. A transmission method of multi-channelencrypted signals according to claim 5, wherein the combination is doneon at least one entry parameter of the cryptographic unit.
 7. Atransmission method of multi-channel encrypted signals according toclaim 5, wherein the combination is done on the results obtained by thecryptographic unit.
 8. A transmission method of multi-channel encryptedsignals according to claim 5, further comprising: modifying themulti-channel authorization messages according to a period different toa modification period of the mono-channel authorization messages.